Hongli Lai <[email protected]> wrote: > After the recent Rubygems.org hack it became clear that somethings > needs to be done about authenticating gems. One of the efforts that > was launched is http://www.rubygems-openpgp-ca.org/. We at Phusion > have just finished signing all our gems and repositories with our PGP > key, and our PGP key has been verified and signed by this CA. > > It would be great if Unicorn can participate as well by signing future > releases. If you already use GnuPG then the process is extremely > straightforward.
Can we designate gems be signed by a trusted third party (e.g. you?) That's how Debian (and presumably other OS distros work). _Nobody_ should trust me. I have and maintain zero credibility. The only credibility any unicorn has is what its users give it. _______________________________________________ Unicorn mailing list - [email protected] http://rubyforge.org/mailman/listinfo/mongrel-unicorn Do not quote signatures (like this one) or top post when replying
